Emerald@lemmy.world to linuxmemes@lemmy.world · 7 months ago
Debian security amirite?
TangledHyphae@lemmy.world · 7 months ago
I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
The hooked RSA_public_decrypt verifies a signature on the server’s host key by a fixed Ed448 key, and then passes a payload to system(). It’s RCE, not auth bypass, and gated/unreplayable.